• IT Compliance Analyst

    Posted Date 2 weeks ago (12/6/2018 2:42 PM)
    Information Technology
    Experience Level
    Shift (Days/Times)
    M-F, 9am-6pm
  • Overview

    The IT Compliance Analyst role will assist with the development and deployment of RFA’s IT Compliance service offering and participate in client-facing meetings, internal/external presentations, solution deployment/execution/testing as well as other internal requirements.  Under the supervision of the IT Compliance Manager, our IT Compliance Analyst will assist with RFA’s IT Compliance processes to support management in achieving the strategic objectives of the Company.


    RFA’s IT Compliance Analyst will work with individuals from multiple departments and interface with all levels of Company and Client staff including C-Level professionals, Management and Vendors while managing a diverse workload within a dynamic and fast-paced environment. 


    • Assist with the maintenance of legal and regulatory compliance by researching and communicating requirements and obtaining approvals.
    • Research regulations by reviewing and monitoring regulatory and best practice bulletins and other information sources.
    • Assist with the development and implementation of Information Security, Business Continuity, Disaster Recovery, Incident Response policies and procedures.
    • Assist in completion of phishing testing and online user training configuration, reporting and analysis.
    • Coordinate vulnerability scans, analysis of vulnerability scan findings with clients, and completion of findings remediation.
    • Coordinate penetration testing with external vendors.
    • Coordinate penetration testing findings analysis with clients, completion of findings remediation with internal resources.
    • Client due diligence questionnaire completion and response analysis with clients along with external vendor due diligence questionnaires and due diligence questionnaires pertaining to RFA.
    • Complete vendor due diligence questionnaires from clients and external third parties.
    • Assist with client audits including request analysis and completion with internal resources, response correlation and explanations to clients, onsite assistance with clients during auditor questioning.
    • Gap analysis completion and assessment of client environments with relation to regulatory requirements and industry best practices.
    • Respond to client needs as they arise.
    • Project management for IT Compliance projects and initiatives.
    • Ensure RFA policy and procedure documentation is up to date and accurate. Coordinate RFA internal testing initiatives to ensure compliance with policy mandates.
    • Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
    • Assist with the development, implementation and maintenance of IT Compliance controls; review existing IT compliance controls for regulatory updates and perform the necessary gap analysis; create and maintain various internal and external audit and compliance schedules for Information Technology Services (ITS).
    • Prioritize and control projects based on severity of risk and non-compliance; communicate control strengths and weaknesses to internal audit and compliance and collaborate with internal audit to develop migration plans.
    • Assist in the design and enhancement of internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity; assist the internal audit team and serve as a liaison with external auditors to facilitate the auditing process.


    Required Skills and Qualifications:

    • 3-5+ years’ experience in information and cybersecurity, including ISO / SOC frameworks and regulatory (SEC, FINRA, FCA, GDPR, NYDFS, NIST, SANS, etc.) compliance frameworks.
    • Bachelor’s or higher degree from an accredited university; Information Security, Computer Systems or similar is a plus.
    • Strong analytical and decision-making skills.
    • Strong technical writing skills.
    • Excellent verbal, written and presentation skills.
    • Effective influence and guidance across various organizational units using strong interpersonal skills.
    • Effective prioritization and task management skills.
    • Able to adapt quickly to shifting priorities, demands and timelines using strong analytical and problem-solving skills.
    • Strong ability for independent work as well as team coordination across multiple levels of staff and external parties.
    • Strong customer service standards.
    • The individual will be expected to work with minimal guidance and take ownership of work and output.

    Additional Certifications:

    • CISSP, CISA, CISM, ISO 27001 Lead Auditor a plus
    • Microsoft, C++, Python, PowerShell knowledge and experience a plus

